Add callback SASL_CB_SERVER_CHANNEL_BINDING

[GuidoKiener]

Provide a callback function to change the channel binding type of servers (e.g. "tls-server-end-point" instead of "tls-unique") during authentication of secure mechanisms like GS2-KRB5-PLUS or SCRAM-SHA-256-PLUS.

The callback is used by the plugins SCRAM and GS2 when the desired binding type of the client does not match the binding type set with property SASL_CHANNEL_BINDING.
A server can check the requested type of channel binding and overwrite the current channel binding data with the property SASL_CHANNEL_BINDING before the authentication proceeds.

Issue #823

This patch is required to support channel binding for "tls-server-end-point" in cyrus-imapd.
See example: GuidoKiener/cyrus-imapd@5e0af18
Note that the example is not complete and requires more discussion about handling of certificates with signature algorithm SHA224, ED25519, and ED448.

[Neustradamus]

@GuidoKiener: I only discover this PR today! :)

No three possibilities?

cc: @cyrusimap team, @aamelnikov.

[GuidoKiener]

@GuidoKiener: I only discover this PR today! :)

No three possibilities?
Which three possibilities? With the callback you have unlimited possibilities.

[hyc]

The patches look OK but I think the example should be attached in a doc or README or something. The usage is not at all obvious without the example.

[GuidoKiener]

The patches look OK but I think the example should be attached in a doc or README or something. The usage is not at all obvious without the example.

I agree that an example or good README is always helpful. I also did not find a real SCRAM example in this repo with openssl and real channel binding like "tls-unique". Since I got no feedback about this patch for five months, I thought that nobody is interested in this security extension.
If you are willing to merge this branch, I can extend the simple example in

cyrus-sasl/sample/client.c

Line 445 in 0310178

if (cb_flag) {

and sample/server.c to show how a user can deal with two different types of channel binding. A real implementation can only be provided in cyurs-imapd (see example GuidoKiener/cyrus-imapd@5e0af18) which is driven by future security updates and discussion.
Does it work for you when I provide this example within two weeks?

[quanah]

Does it work for you when I provide this example within two weeks?

That would be great, thank you very much!

[GuidoKiener]

The patches look OK but I think the example should be attached in a doc or README or something. The usage is not at all obvious without the example.

@hyc , @quanah : A sample code is now provided. Here is an output when the client selects option -D with type 'tls-server-end-point':

$ ./client -D -m SCRAM-SHA-256-PLUS localhost
receiving capability list... recv: {92}
SCRAM-SHA-512-PLUS SCRAM-SHA-384-PLUS SCRAM-SHA-256-PLUS SCRAM-SHA-224-PLUS SCRAM-SHA-1-PLUS
SCRAM-SHA-512-PLUS SCRAM-SHA-384-PLUS SCRAM-SHA-256-PLUS SCRAM-SHA-224-PLUS SCRAM-SHA-1-PLUS
please enter an authentication id: guido
please enter an authorization id: guido
Password: 
send: {13}
SCRAM-SHA-256
send: {1}
Y
send: {73}
p=tls-server-end-point,a=guido,n=guido,r=FfiOkfowrbkAVZ1SpiCMVDaS+aLZDqm+
recv: {120}
r=FfiOkfowrbkAVZ1SpiCMVDaS+aLZDqm+BaiACgb6wd/Uq8A0k9P4+79mMR81ISwM,s=dcTGeYUJKRw2rzkiXZu2QM9QeDSCYDaJLb3zhHPJcR0=,i=4096
send: {184}
c=cD10bHMtc2VydmVyLWVuZC1wb2ludCxhPWd1aWRvLHVzZSBYNTA5X2RpZ2VzdCgpAA==,r=FfiOkfowrbkAVZ1SpiCMVDaS+aLZDqm+BaiACgb6wd/Uq8A0k9P4+79mMR81ISwM,p=696gLecQi1RVU+2jZOES7IA3uihIQ7wT1VEq1rc9c+Y=
recv: {46}
v=cHhVu6M81oUGC2/NnZe7AxNpUx8dssMDRPO33Xc9+3g=
send: {0}

successful authentication
closing connection

Does it solve your issue #800 ?
I just looked at /docsrc/sasl/... The documentation is out of sync with the current implemenation. I could give my 5 cents, but do not want to do the whole job if there is much extra work. Is there someone who feels responsible for the documentation?

[quanah]

Thank you very much! We will look at this as soon as we can, real life having some impact atm.